aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs/crypto.c')
-rw-r--r--fs/ecryptfs/crypto.c427
1 files changed, 235 insertions, 192 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index e3d2118fafad..7f788ea5da2b 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -467,8 +467,91 @@ out:
467} 467}
468 468
469/** 469/**
470 * ecryptfs_lower_offset_for_extent
471 *
472 * Convert an eCryptfs page index into a lower byte offset
473 */
474void ecryptfs_lower_offset_for_extent(loff_t *offset, loff_t extent_num,
475 struct ecryptfs_crypt_stat *crypt_stat)
476{
477 (*offset) = ((crypt_stat->extent_size
478 * crypt_stat->num_header_extents_at_front)
479 + (crypt_stat->extent_size * extent_num));
480}
481
482/**
483 * ecryptfs_encrypt_extent
484 * @enc_extent_page: Allocated page into which to encrypt the data in
485 * @page
486 * @crypt_stat: crypt_stat containing cryptographic context for the
487 * encryption operation
488 * @page: Page containing plaintext data extent to encrypt
489 * @extent_offset: Page extent offset for use in generating IV
490 *
491 * Encrypts one extent of data.
492 *
493 * Return zero on success; non-zero otherwise
494 */
495static int ecryptfs_encrypt_extent(struct page *enc_extent_page,
496 struct ecryptfs_crypt_stat *crypt_stat,
497 struct page *page,
498 unsigned long extent_offset)
499{
500 unsigned long extent_base;
501 char extent_iv[ECRYPTFS_MAX_IV_BYTES];
502 int rc;
503
504 extent_base = (page->index
505 * (PAGE_CACHE_SIZE / crypt_stat->extent_size));
506 rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
507 (extent_base + extent_offset));
508 if (rc) {
509 ecryptfs_printk(KERN_ERR, "Error attempting to "
510 "derive IV for extent [0x%.16x]; "
511 "rc = [%d]\n", (extent_base + extent_offset),
512 rc);
513 goto out;
514 }
515 if (unlikely(ecryptfs_verbosity > 0)) {
516 ecryptfs_printk(KERN_DEBUG, "Encrypting extent "
517 "with iv:\n");
518 ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
519 ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
520 "encryption:\n");
521 ecryptfs_dump_hex((char *)
522 (page_address(page)
523 + (extent_offset * crypt_stat->extent_size)),
524 8);
525 }
526 rc = ecryptfs_encrypt_page_offset(crypt_stat, enc_extent_page, 0,
527 page, (extent_offset
528 * crypt_stat->extent_size),
529 crypt_stat->extent_size, extent_iv);
530 if (rc < 0) {
531 printk(KERN_ERR "%s: Error attempting to encrypt page with "
532 "page->index = [%ld], extent_offset = [%ld]; "
533 "rc = [%d]\n", __FUNCTION__, page->index, extent_offset,
534 rc);
535 goto out;
536 }
537 rc = 0;
538 if (unlikely(ecryptfs_verbosity > 0)) {
539 ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
540 "rc = [%d]\n", (extent_base + extent_offset),
541 rc);
542 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
543 "encryption:\n");
544 ecryptfs_dump_hex((char *)(page_address(enc_extent_page)), 8);
545 }
546out:
547 return rc;
548}
549
550/**
470 * ecryptfs_encrypt_page 551 * ecryptfs_encrypt_page
471 * @ctx: The context of the page 552 * @page: Page mapped from the eCryptfs inode for the file; contains
553 * decrypted content that needs to be encrypted (to a temporary
554 * page; not in place) and written out to the lower file
472 * 555 *
473 * Encrypt an eCryptfs page. This is done on a per-extent basis. Note 556 * Encrypt an eCryptfs page. This is done on a per-extent basis. Note
474 * that eCryptfs pages may straddle the lower pages -- for instance, 557 * that eCryptfs pages may straddle the lower pages -- for instance,
@@ -478,128 +561,121 @@ out:
478 * file, 24K of page 0 of the lower file will be read and decrypted, 561 * file, 24K of page 0 of the lower file will be read and decrypted,
479 * and then 8K of page 1 of the lower file will be read and decrypted. 562 * and then 8K of page 1 of the lower file will be read and decrypted.
480 * 563 *
481 * The actual operations performed on each page depends on the
482 * contents of the ecryptfs_page_crypt_context struct.
483 *
484 * Returns zero on success; negative on error 564 * Returns zero on success; negative on error
485 */ 565 */
486int ecryptfs_encrypt_page(struct ecryptfs_page_crypt_context *ctx) 566int ecryptfs_encrypt_page(struct page *page)
487{ 567{
488 char extent_iv[ECRYPTFS_MAX_IV_BYTES]; 568 struct inode *ecryptfs_inode;
489 unsigned long base_extent;
490 unsigned long extent_offset = 0;
491 unsigned long lower_page_idx = 0;
492 unsigned long prior_lower_page_idx = 0;
493 struct page *lower_page;
494 struct inode *lower_inode;
495 struct ecryptfs_inode_info *inode_info;
496 struct ecryptfs_crypt_stat *crypt_stat; 569 struct ecryptfs_crypt_stat *crypt_stat;
570 char *enc_extent_virt = NULL;
571 struct page *enc_extent_page;
572 loff_t extent_offset;
497 int rc = 0; 573 int rc = 0;
498 int lower_byte_offset = 0; 574
499 int orig_byte_offset = 0; 575 ecryptfs_inode = page->mapping->host;
500 int num_extents_per_page; 576 crypt_stat =
501#define ECRYPTFS_PAGE_STATE_UNREAD 0 577 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
502#define ECRYPTFS_PAGE_STATE_READ 1
503#define ECRYPTFS_PAGE_STATE_MODIFIED 2
504#define ECRYPTFS_PAGE_STATE_WRITTEN 3
505 int page_state;
506
507 lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);
508 inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);
509 crypt_stat = &inode_info->crypt_stat;
510 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { 578 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
511 rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode, 579 rc = ecryptfs_write_lower_page_segment(ecryptfs_inode, page,
512 ctx->param.lower_file); 580 0, PAGE_CACHE_SIZE);
513 if (rc) 581 if (rc)
514 ecryptfs_printk(KERN_ERR, "Error attempting to copy " 582 printk(KERN_ERR "%s: Error attempting to copy "
515 "page at index [0x%.16x]\n", 583 "page at index [%ld]\n", __FUNCTION__,
516 ctx->page->index); 584 page->index);
517 goto out; 585 goto out;
518 } 586 }
519 num_extents_per_page = PAGE_CACHE_SIZE / crypt_stat->extent_size; 587 enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
520 base_extent = (ctx->page->index * num_extents_per_page); 588 if (!enc_extent_virt) {
521 page_state = ECRYPTFS_PAGE_STATE_UNREAD; 589 rc = -ENOMEM;
522 while (extent_offset < num_extents_per_page) { 590 ecryptfs_printk(KERN_ERR, "Error allocating memory for "
523 ecryptfs_extent_to_lwr_pg_idx_and_offset( 591 "encrypted extent\n");
524 &lower_page_idx, &lower_byte_offset, crypt_stat, 592 goto out;
525 (base_extent + extent_offset)); 593 }
526 if (prior_lower_page_idx != lower_page_idx 594 enc_extent_page = virt_to_page(enc_extent_virt);
527 && page_state == ECRYPTFS_PAGE_STATE_MODIFIED) { 595 for (extent_offset = 0;
528 rc = ecryptfs_write_out_page(ctx, lower_page, 596 extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
529 lower_inode, 597 extent_offset++) {
530 orig_byte_offset, 598 loff_t offset;
531 (PAGE_CACHE_SIZE 599
532 - orig_byte_offset)); 600 rc = ecryptfs_encrypt_extent(enc_extent_page, crypt_stat, page,
533 if (rc) { 601 extent_offset);
534 ecryptfs_printk(KERN_ERR, "Error attempting "
535 "to write out page; rc = [%d]"
536 "\n", rc);
537 goto out;
538 }
539 page_state = ECRYPTFS_PAGE_STATE_WRITTEN;
540 }
541 if (page_state == ECRYPTFS_PAGE_STATE_UNREAD
542 || page_state == ECRYPTFS_PAGE_STATE_WRITTEN) {
543 rc = ecryptfs_read_in_page(ctx, &lower_page,
544 lower_inode, lower_page_idx,
545 lower_byte_offset);
546 if (rc) {
547 ecryptfs_printk(KERN_ERR, "Error attempting "
548 "to read in lower page with "
549 "index [0x%.16x]; rc = [%d]\n",
550 lower_page_idx, rc);
551 goto out;
552 }
553 orig_byte_offset = lower_byte_offset;
554 prior_lower_page_idx = lower_page_idx;
555 page_state = ECRYPTFS_PAGE_STATE_READ;
556 }
557 BUG_ON(!(page_state == ECRYPTFS_PAGE_STATE_MODIFIED
558 || page_state == ECRYPTFS_PAGE_STATE_READ));
559 rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
560 (base_extent + extent_offset));
561 if (rc) { 602 if (rc) {
562 ecryptfs_printk(KERN_ERR, "Error attempting to " 603 printk(KERN_ERR "%s: Error encrypting extent; "
563 "derive IV for extent [0x%.16x]; " 604 "rc = [%d]\n", __FUNCTION__, rc);
564 "rc = [%d]\n",
565 (base_extent + extent_offset), rc);
566 goto out; 605 goto out;
567 } 606 }
568 if (unlikely(ecryptfs_verbosity > 0)) { 607 ecryptfs_lower_offset_for_extent(
569 ecryptfs_printk(KERN_DEBUG, "Encrypting extent " 608 &offset, ((page->index * (PAGE_CACHE_SIZE
570 "with iv:\n"); 609 / crypt_stat->extent_size))
571 ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes); 610 + extent_offset), crypt_stat);
572 ecryptfs_printk(KERN_DEBUG, "First 8 bytes before " 611 rc = ecryptfs_write_lower(ecryptfs_inode, enc_extent_virt,
573 "encryption:\n"); 612 offset, crypt_stat->extent_size);
574 ecryptfs_dump_hex((char *) 613 if (rc) {
575 (page_address(ctx->page) 614 ecryptfs_printk(KERN_ERR, "Error attempting "
576 + (extent_offset 615 "to write lower page; rc = [%d]"
577 * crypt_stat->extent_size)), 8); 616 "\n", rc);
578 } 617 goto out;
579 rc = ecryptfs_encrypt_page_offset(
580 crypt_stat, lower_page, lower_byte_offset, ctx->page,
581 (extent_offset * crypt_stat->extent_size),
582 crypt_stat->extent_size, extent_iv);
583 ecryptfs_printk(KERN_DEBUG, "Encrypt extent [0x%.16x]; "
584 "rc = [%d]\n",
585 (base_extent + extent_offset), rc);
586 if (unlikely(ecryptfs_verbosity > 0)) {
587 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
588 "encryption:\n");
589 ecryptfs_dump_hex((char *)(page_address(lower_page)
590 + lower_byte_offset), 8);
591 } 618 }
592 page_state = ECRYPTFS_PAGE_STATE_MODIFIED;
593 extent_offset++; 619 extent_offset++;
594 } 620 }
595 BUG_ON(orig_byte_offset != 0); 621out:
596 rc = ecryptfs_write_out_page(ctx, lower_page, lower_inode, 0, 622 kfree(enc_extent_virt);
597 (lower_byte_offset 623 return rc;
598 + crypt_stat->extent_size)); 624}
625
626static int ecryptfs_decrypt_extent(struct page *page,
627 struct ecryptfs_crypt_stat *crypt_stat,
628 struct page *enc_extent_page,
629 unsigned long extent_offset)
630{
631 unsigned long extent_base;
632 char extent_iv[ECRYPTFS_MAX_IV_BYTES];
633 int rc;
634
635 extent_base = (page->index
636 * (PAGE_CACHE_SIZE / crypt_stat->extent_size));
637 rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
638 (extent_base + extent_offset));
599 if (rc) { 639 if (rc) {
600 ecryptfs_printk(KERN_ERR, "Error attempting to write out " 640 ecryptfs_printk(KERN_ERR, "Error attempting to "
601 "page; rc = [%d]\n", rc); 641 "derive IV for extent [0x%.16x]; "
602 goto out; 642 "rc = [%d]\n", (extent_base + extent_offset),
643 rc);
644 goto out;
645 }
646 if (unlikely(ecryptfs_verbosity > 0)) {
647 ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
648 "with iv:\n");
649 ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
650 ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
651 "decryption:\n");
652 ecryptfs_dump_hex((char *)
653 (page_address(enc_extent_page)
654 + (extent_offset * crypt_stat->extent_size)),
655 8);
656 }
657 rc = ecryptfs_decrypt_page_offset(crypt_stat, page,
658 (extent_offset
659 * crypt_stat->extent_size),
660 enc_extent_page, 0,
661 crypt_stat->extent_size, extent_iv);
662 if (rc < 0) {
663 printk(KERN_ERR "%s: Error attempting to decrypt to page with "
664 "page->index = [%ld], extent_offset = [%ld]; "
665 "rc = [%d]\n", __FUNCTION__, page->index, extent_offset,
666 rc);
667 goto out;
668 }
669 rc = 0;
670 if (unlikely(ecryptfs_verbosity > 0)) {
671 ecryptfs_printk(KERN_DEBUG, "Decrypt extent [0x%.16x]; "
672 "rc = [%d]\n", (extent_base + extent_offset),
673 rc);
674 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
675 "decryption:\n");
676 ecryptfs_dump_hex((char *)(page_address(page)
677 + (extent_offset
678 * crypt_stat->extent_size)), 8);
603 } 679 }
604out: 680out:
605 return rc; 681 return rc;
@@ -607,8 +683,9 @@ out:
607 683
608/** 684/**
609 * ecryptfs_decrypt_page 685 * ecryptfs_decrypt_page
610 * @file: The ecryptfs file 686 * @page: Page mapped from the eCryptfs inode for the file; data read
611 * @page: The page in ecryptfs to decrypt 687 * and decrypted from the lower file will be written into this
688 * page
612 * 689 *
613 * Decrypt an eCryptfs page. This is done on a per-extent basis. Note 690 * Decrypt an eCryptfs page. This is done on a per-extent basis. Note
614 * that eCryptfs pages may straddle the lower pages -- for instance, 691 * that eCryptfs pages may straddle the lower pages -- for instance,
@@ -620,103 +697,69 @@ out:
620 * 697 *
621 * Returns zero on success; negative on error 698 * Returns zero on success; negative on error
622 */ 699 */
623int ecryptfs_decrypt_page(struct file *file, struct page *page) 700int ecryptfs_decrypt_page(struct page *page)
624{ 701{
625 char extent_iv[ECRYPTFS_MAX_IV_BYTES]; 702 struct inode *ecryptfs_inode;
626 unsigned long base_extent;
627 unsigned long extent_offset = 0;
628 unsigned long lower_page_idx = 0;
629 unsigned long prior_lower_page_idx = 0;
630 struct page *lower_page;
631 char *lower_page_virt = NULL;
632 struct inode *lower_inode;
633 struct ecryptfs_crypt_stat *crypt_stat; 703 struct ecryptfs_crypt_stat *crypt_stat;
704 char *enc_extent_virt = NULL;
705 struct page *enc_extent_page;
706 unsigned long extent_offset;
634 int rc = 0; 707 int rc = 0;
635 int byte_offset;
636 int num_extents_per_page;
637 int page_state;
638 708
639 crypt_stat = &(ecryptfs_inode_to_private( 709 ecryptfs_inode = page->mapping->host;
640 page->mapping->host)->crypt_stat); 710 crypt_stat =
641 lower_inode = ecryptfs_inode_to_lower(page->mapping->host); 711 &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat);
642 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { 712 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
643 rc = ecryptfs_do_readpage(file, page, page->index); 713 rc = ecryptfs_read_lower_page_segment(page, page->index, 0,
714 PAGE_CACHE_SIZE,
715 ecryptfs_inode);
644 if (rc) 716 if (rc)
645 ecryptfs_printk(KERN_ERR, "Error attempting to copy " 717 printk(KERN_ERR "%s: Error attempting to copy "
646 "page at index [0x%.16x]\n", 718 "page at index [%ld]\n", __FUNCTION__,
647 page->index); 719 page->index);
648 goto out; 720 goto out_clear_uptodate;
649 } 721 }
650 num_extents_per_page = PAGE_CACHE_SIZE / crypt_stat->extent_size; 722 enc_extent_virt = kmalloc(PAGE_CACHE_SIZE, GFP_USER);
651 base_extent = (page->index * num_extents_per_page); 723 if (!enc_extent_virt) {
652 lower_page_virt = kmem_cache_alloc(ecryptfs_lower_page_cache,
653 GFP_KERNEL);
654 if (!lower_page_virt) {
655 rc = -ENOMEM; 724 rc = -ENOMEM;
656 ecryptfs_printk(KERN_ERR, "Error getting page for encrypted " 725 ecryptfs_printk(KERN_ERR, "Error allocating memory for "
657 "lower page(s)\n"); 726 "encrypted extent\n");
658 goto out; 727 goto out_clear_uptodate;
659 } 728 }
660 lower_page = virt_to_page(lower_page_virt); 729 enc_extent_page = virt_to_page(enc_extent_virt);
661 page_state = ECRYPTFS_PAGE_STATE_UNREAD; 730 for (extent_offset = 0;
662 while (extent_offset < num_extents_per_page) { 731 extent_offset < (PAGE_CACHE_SIZE / crypt_stat->extent_size);
663 ecryptfs_extent_to_lwr_pg_idx_and_offset( 732 extent_offset++) {
664 &lower_page_idx, &byte_offset, crypt_stat, 733 loff_t offset;
665 (base_extent + extent_offset)); 734
666 if (prior_lower_page_idx != lower_page_idx 735 ecryptfs_lower_offset_for_extent(
667 || page_state == ECRYPTFS_PAGE_STATE_UNREAD) { 736 &offset, ((page->index * (PAGE_CACHE_SIZE
668 rc = ecryptfs_do_readpage(file, lower_page, 737 / crypt_stat->extent_size))
669 lower_page_idx); 738 + extent_offset), crypt_stat);
670 if (rc) { 739 rc = ecryptfs_read_lower(enc_extent_virt, offset,
671 ecryptfs_printk(KERN_ERR, "Error reading " 740 crypt_stat->extent_size,
672 "lower encrypted page; rc = " 741 ecryptfs_inode);
673 "[%d]\n", rc);
674 goto out;
675 }
676 prior_lower_page_idx = lower_page_idx;
677 page_state = ECRYPTFS_PAGE_STATE_READ;
678 }
679 rc = ecryptfs_derive_iv(extent_iv, crypt_stat,
680 (base_extent + extent_offset));
681 if (rc) { 742 if (rc) {
682 ecryptfs_printk(KERN_ERR, "Error attempting to " 743 ecryptfs_printk(KERN_ERR, "Error attempting "
683 "derive IV for extent [0x%.16x]; rc = " 744 "to read lower page; rc = [%d]"
684 "[%d]\n", 745 "\n", rc);
685 (base_extent + extent_offset), rc); 746 goto out_clear_uptodate;
686 goto out;
687 }
688 if (unlikely(ecryptfs_verbosity > 0)) {
689 ecryptfs_printk(KERN_DEBUG, "Decrypting extent "
690 "with iv:\n");
691 ecryptfs_dump_hex(extent_iv, crypt_stat->iv_bytes);
692 ecryptfs_printk(KERN_DEBUG, "First 8 bytes before "
693 "decryption:\n");
694 ecryptfs_dump_hex((lower_page_virt + byte_offset), 8);
695 } 747 }
696 rc = ecryptfs_decrypt_page_offset(crypt_stat, page, 748 rc = ecryptfs_decrypt_extent(page, crypt_stat, enc_extent_page,
697 (extent_offset 749 extent_offset);
698 * crypt_stat->extent_size), 750 if (rc) {
699 lower_page, byte_offset, 751 printk(KERN_ERR "%s: Error encrypting extent; "
700 crypt_stat->extent_size, 752 "rc = [%d]\n", __FUNCTION__, rc);
701 extent_iv); 753 goto out_clear_uptodate;
702 if (rc != crypt_stat->extent_size) {
703 ecryptfs_printk(KERN_ERR, "Error attempting to "
704 "decrypt extent [0x%.16x]\n",
705 (base_extent + extent_offset));
706 goto out;
707 }
708 rc = 0;
709 if (unlikely(ecryptfs_verbosity > 0)) {
710 ecryptfs_printk(KERN_DEBUG, "First 8 bytes after "
711 "decryption:\n");
712 ecryptfs_dump_hex((char *)(page_address(page)
713 + byte_offset), 8);
714 } 754 }
715 extent_offset++; 755 extent_offset++;
716 } 756 }
757 SetPageUptodate(page);
758 goto out;
759out_clear_uptodate:
760 ClearPageUptodate(page);
717out: 761out:
718 if (lower_page_virt) 762 kfree(enc_extent_virt);
719 kmem_cache_free(ecryptfs_lower_page_cache, lower_page_virt);
720 return rc; 763 return rc;
721} 764}
722 765